Bring your own device the future?

Quote:

---

Originally Posted by CyberNerd

New record.
A yr10 girl just brought in a 7" Polaroid android tablet.
It cost £80
Connected instantly to wi-fi and immediately synchronised all of her schoolwork (google docs), her email and her calendar.

---

You could get the power adapter for it here for that, I know it probably charges off any usb port, I'm taking that into account.

Oh and before I forget, I must spend wayyyyy to much time on here

Post count:
http://www.youtube.com/watch?v=SiMHTK15Pik

[QUOTE=GrumbleDook;881523]@Roberto and @CyberNerd
I am asking these questions to try to pin point some stuff to take into a discussion on another forum (ok ... LinkedIn) looking at the legal aspect of BYOD. The discussion is a tad lengthy at the moment around Risk Assessment and Competent Person ... so I am trying to gather a few more examples of why and how schools have made certain decisions and who in those schools have made them. Some responses when the Qs have been asked elsewhere have indeed been all about the shiny and hype, and it is good to see the quick response from @CyberNerd.

Is that forum open to anyone Grumbledook?

Quote:

---

Originally Posted by 10101010

Which Aruba do you have, I have a 3600 controller and we use the captive portal to authenticate using ad credentials

---

Yes we have the 3600.

How did you set this up?

what OS version you on - can't remember when, but I needed to upgrade OS to get this to work. I'm currently on 6.1.3.4.
I created an LDAP server on the Aruba config (see below)
On the LDAP server (2008R2) under Network Policy Server I created a policy to allow a specific AD Group combined with a NAS port type (Wirless IEEE 802) to allow only permitted users to logon.

Attachment 15803

We actually have a 3400 controller here after I checked.

Also on firmware 5.0.4.7 due to us using old 61 AP's

Thanks though, good to know it is possible in the future.

I would be interested what people are using for network access control and making sure devices are complying with AV and update policies.

At the time I couldn't afford one - looked seriously at Network Sentry 500VM Network Control and Application Server, but best part of 20k + ongoing so opted not to bother at the moment. Completely vlan'd off, devices unable to communicate with other devices, Ericom web connect solution used to allow any device to connect to a rdp session via a browser using html 5, so not overly concerned about updates and av at the moment.

forgot to say just about to trial aruba clearpass - will update post after trial.

NAC - the other way might just be to upgrade dhcp server to 2012 which allows you to filter ip's based on MAC for a specific vlan.

Quote:

---

Originally Posted by 10101010

Is that forum open to anyone Grumbledook?

---

The group owner has set it as a closed group on LinkedIn but any member of the group can invite you in. If you are on LinkedIn then drop me line and I'll invite you in (as can a number of others).

Just to update this I think we are finally getting to a good solution.

I tried implementing a transparent proxy but it slowed things down too much for normal users as they were filtered twice.

So what we have done is order a new Talk Talk line with IP based filtering, they call it "homesafe". I now have the aruba guest wireless using that as a gateway to a seperate talk talk internet line. It works quite well and seperates the guest users from the main network over a VLAN.

Basically I have built an entire 2nd network for this but hopefully it works in the real world.

Time to find out.... :playball:

Quote:

---

Originally Posted by zag

Just to update this I think we are finally getting to a good solution.

I tried implementing a transparent proxy but it slowed things down too much for normal users as they were filtered twice.

So what we have done is order a new Talk Talk line with IP based filtering, they call it "homesafe". I now have the aruba guest wireless using that as a gateway to a seperate talk talk internet line. It works quite well and seperates the guest users from the main network quite well over a VLAN.

Basically I have built an entire 2nd network for this but hopefully it works in the real world.

Time to find out.... :playball:

---

A good solution. With redundant leased lines you've got no excuse not to put it all in the cloud now :)

Project is complete!!

Guest network SSID [complete]
Captive Portal [complete]
Acceptable usage policies [complete]
Portal branding [still to do]
New internet line installed and activated [complete]
Route VLAN to the new gateway and internet line [complete]
Set IP based filtering (thankyou talk talk for being innovative in this area) [complete]

So when I try to access a naughty site we now get this
Attachment 15989

And can manage it all on-line without any extra hardware like this:
Attachment 15988

So basically we are nearly there. The only question is do we create the users manually or link them to the active directory.

Thanks for the update @zag. How does talk talk system deal with monitoring? If a pupil hits a block, is it recorded, flagged?

Quote:

---

Originally Posted by IrritableTech

Thanks for the update @zag. How does talk talk system deal with monitoring? If a pupil hits a block, is it recorded, flagged?

---

No monitoring at all unfortunately. That would be an awesome feature though. I guess it will come in time. This is still all very innovative to be doing it on the IP level.

But as its a "guest network" is totally out of my hands what they look at. I explained this to SMT as the biggest downside but they insisted it was still a good idea.

Quote:

---

Originally Posted by zag

I've noticed in Australia and New Zealand this is quite common, any ideas what it hasn't become popular over here?

---

An article in todays paper:

Schools dilemma on BYO technology

I wonder how to get hold of the original Dell report?